ＨｉｄｅＺｅｒｏＯｎｅ

This course is geared for those interested in seeing how Security Onion is used practically to triage alerts, hunt for threats, as well as build new detections. This course consists of three case studies that briefly cover the 3 most common workflows used in Security Onion:

Case Study 1: Alert Triage & Case Creation – This case study walks through how to triage alerts within the alerts interface including escalation to TheHive.
Case Study 2: Threat Hunting – This case study focuses on threat hunting within Security Onion using the Hunt interface, targeting SSL & Sysmon logs.
Case Study 3: Detection Engineering – This case study covers ingesting Google Workspace audit logs into Security Onion and writing Sigma rules within Playbook targeting these new logs.

Practical Analysis with Security Onion 2.3

This course is geared for those wanting to understand how to build a Detection Playbook with Security Onion 2.3. Students will gain both a theoretical and practical understanding of building detections in Security Onion, reinforced with real-life examples from network and host datasources.

Syllabus

Course Welcome & Introduction to Security Onion
Security Onion Installation

tDetection Engineering
tKey Components of a Play
Operationalizing Plays with Sigma

Getting Started with Playbook
Creating New Plays

Developing Your Detection Playbook with Security Onion 2.3

This course is geared for administrators of Security Onion 2.3. Students will gain a foundational understanding of the platform – how to architect, deploy, manage and tune their Security Onion 2.3 grid.

Syllabus

Preview Course Welcome & Introduction to Security Onion

Overall Architecture
Installation – Manager Node
Installation – Search Node
Installation – Forward Node

Grid Management with Salt
Grid User Management
Grid Firewall Management
Grid Updates
Grid Hardening

Security Onion 2.3 in Production

This 16-hour information security training course will cover the core security skills all Security Operation Center (SOC) analysts need to have. These are the skills that all Black Hills Information Security (BHIS) SOC team members need to have.

Syllabus

1. Core networking skills
2. Live Windows Forensics
3. Live Linux Forensics
4. Memory Forensics
5. Active Directory Analysis
6. Network Threat Hunting
7. Basics of Vulnerability Management
8. The Incident Response Process

SOC Core Skills

The training course and certification exam were created under the supervision of our Academic Advisory Board, comprised of Senior Security Analysts, SOC Managers, and other senior security roles; ensuring it is accurate, realistic, and applicable to modern security operations.

Syllabus

Domain 1 – Security Fundamentals

Domain 2 – Phishing Analysis

Domain 3 – Threat Intelligence

Domain 4 – Digital Forensics

Domain 5 – SIEM

Domain 6 – Incident Response

BTL: Blue Team Level 1

In this course, we’ll explore Amazon Web Services (AWS) as a platform. We will take the perspective of a new startup company spinning up infrastructure in AWS for the very first time. We’ll use a scenario-based approach, where you’ll don the persona of a security engineer on your first day at a new startup. This course will demonstrate ideas like secure-by-default and will examine services and patterns for locking down defaults using a combination of open source and platform-native tooling. Finally, attendees will walk away with a practical understanding of various controls, detections, and guardrails.

Antisyphon – Securing The Cloud: Foundations